A newly highlighted Android malware family called BTMOB can give criminals broad control over infected phones, including stealing data and taking over the device. ESET says the remote access trojan (RAT) is spread through phishing pages and fake app stores, abuses Android Accessibility Services to gain elevated privileges, and is sold with an APK-building kit that lets buyers customize lures by country and brand. The campaign has mainly been observed in Latin America.
Why it matters: This is more serious than a typical banking trojan because it can turn an Android phone into a remotely controlled spying and theft tool. Android users should avoid app downloads from links in messages or fake stores, and defenders should watch for phishing infrastructure and abuse of Accessibility permissions.
Bill Toulas
2026.05.28
97% relevant
This is the same underlying ESET-reported BTMOB Android malware story, adding detail that the service includes a builder for custom phishing-themed payloads, is sold via Telegram with subscription pricing, is distributed through fake Google Play pages, and is concentrated in Brazil and Latin America.
Ionut Arghire
2026.05.28
100% relevant
This article appears to be the initial broad reporting on ESET's identification of BTMOB as a distinct Android malware threat sold as a customizable kit and delivered through phishing lures.
← Back to all stories